
Funny URLs in inkjet spam


rconner


See Tracking Link

The message contains URLs that seem to be completely broken, yet Apple Mail was able to get them to resolve. Could have something to do with translating from UTF-8 to US-ASCII (the URLs contain lots of 8-bit characters). I used tcpdump to watch my browser's conversation with DNS and saw that it had basically stripped out all the 8-bit characters, and somehow magically converted commas to dots.

Someday when I have leisure time I'm going to have to look into this, it's a kind of obfuscation I've not seen in a month of Sundays.

-- rick


Presumably resolved by IE8 as well but I can't test that. You certainly get some interesting mail Rick - sent from Chile (don't know what it's like now but once every second PC in the land seemed to be "owned"), links to a Ukrainian-registered, Romanian-hosted website which doesn't seem to do any regular business at all.


Many browsers, when faced with a URL like that, will automatically insert ".com", then try .net and .org if the .com fails to resolve.

In Opera you can turn that off. Haven't found out how to do that in Firefox without an add-on.

But it appears to be a sneaky trick to get the spam to work while busting SpamCop's parser.

Cheers!
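
An added example, not part of any post above: a parser-side check that flags URL hosts containing 8-bit characters or commas and computes the hostname a lenient mail client would look up, modelling only the behaviour reported in the first post (non-ASCII characters dropped, commas turned into dots). The function names and the sample message are constructed for illustration, and the normalisation rule is an assumption drawn from that observation, not a documented client algorithm.

```python
import re

# Host = everything between "://" and the first "/", "?", "#" or whitespace.
URL_RE = re.compile(r"https?://([^/\s?#]+)", re.IGNORECASE)

def lenient_host(raw_host: str) -> str:
    """Assumed model of the observed client behaviour: drop non-ASCII
    characters, turn commas into dots, discard empty labels, lower-case."""
    ascii_only = "".join(ch for ch in raw_host if ord(ch) < 128)
    dotted = ascii_only.replace(",", ".")
    labels = [label for label in dotted.split(".") if label]
    return ".".join(labels).lower()

def audit_urls(body: str) -> list:
    """Return one finding per URL: the raw host as written, the host a
    lenient client would resolve, and the reasons it deserves review."""
    findings = []
    for match in URL_RE.finditer(body):
        # Ignore any userinfo ("user@") and port (":8080") around the host.
        host = match.group(1).rsplit("@", 1)[-1].split(":", 1)[0]
        reasons = []
        # Legitimate IDNs also contain non-ASCII, so this is a review flag,
        # not a verdict.
        if any(ord(ch) >= 128 for ch in host):
            reasons.append("non-ASCII characters in host")
        if "," in host:
            reasons.append("comma in host")
        findings.append({
            "raw_host": host,
            "lookup_host": lenient_host(host),
            "reasons": reasons,
        })
    return findings

# Constructed sample message body (not taken from the spam in the thread).
SAMPLE_BODY = (
    "Cheap ink: http://sh\u00f8op,exam\u00e9ple,invalid/ink?id=1 "
    "or visit http://www.example.org/ok today"
)

if __name__ == "__main__":
    for finding in audit_urls(SAMPLE_BODY):
        print(finding)
```

Feeding `lookup_host` rather than `raw_host` into reputation or reporting lookups keeps the parser aligned with what the recipient's client would actually resolve.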


Archived

This topic is now archived and is closed to further replies.
